eVision CMS versions 2.0 and below suffer from a remote SQL injection vulnerability.
9c8d713c7c35a06064f7bf6581fe29cc3b13eb24149ab46c58068d0d87aa92a0
Spider Player version 2.3.9.5 off-by-one crash exploit that creates a malicious .asx file.
b37924ca969231857597c6d80c70325c1e5ce9445a881ee2eb632255500c7376
Orca version 2.0.2 suffers from a remote cross site scripting vulnerability.
916cc9d1b3596aac9e10d1096cfb1304c660a986a0ca4b448435203756a4c7b3
SkaLinks version 1.5 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
85cf8611765eb9db0d0df17c831ed0d0ef03a9724505f23eeea2a0a553e75317
BPAutoSales version 1.0.1 suffers from remote SQL injection and cross site scripting vulnerabilities.
c023e0c309be5317be25973826c74be4242842fb27f5c736b0797e8db4d772ed
ReVou Micro Blogging suffers from remote SQL injection and cross site scripting vulnerabilities.
3c5169d763298c5231c8f2d1d773b6e643d7a8d1aa9e1ce5795a96318c8f8c00
Updated version of the Google Chrome chromehtml: code execution vulnerability that demonstrates disabling of the sandbox. Version 1.0.154.46 is affected.
51fc96a054aa0a16bfb637685259cda45d65bdab9ef532392919c35d2dc90cd4
Enomaly ECP/Enomalism versions prior to 2.1.1 use temporary files in an insecure manner, allowing for symlink and command injection attacks.
c2f83d754ab9d6bdb0af2e41fc5bf6c46034f1807d705f25738a759685b5720d
Novell GroupWise WebAccess suffers from a cross site scripting vulnerability. Version 7.0.3 is affected.
8348d6de98893f1fbe8f491cb7e3dbf8a1f1b7c208a476cf8a27a8b3c4e972c9
Novell GroupWise WebAccess suffers from a cross site scripting vulnerability. Version 7.0.3 is affected.
8c6f6fe9e4d988f1180099d2a613b38e803523f9b1e5b972d27ba0320dec08c6
Novell GroupWise WebAccess suffers from a cross site request forgery vulnerability. Version 7.0.3 is affected.
720e54a18ca643bcc529127da3cfa1c3758769a635c402db883befa22705bec0
Bugs Online version 2.14 suffers from a remote SQL injection vulnerability.
0a88d3b55f28b0a4f82f0dce8c3bbc62c5a92db5018bc1800885eceaafb87f28
SalesCart suffers from a remote SQL injection vulnerability that allows for authentication bypass.
272e003df6bc0f8bfd7425c36a392cf8f9a03239d5d94771f9f1a8d8b7c38288
The Synactis ALL_IN_THE_BOX Active-X control version 3 can be used to overwrite any file on the target system.
4afaabb56023a25add6063e9ec59e28b576018aa311b37d57b0e39e863ead25c
RFIDIOt is a Python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. Includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE®.
6ad7db2fee05e7f77e25141a1ffe1e2520f58a86433a935340e2606f12d65c95
OpenX versions 2.4.9 and below and versions 2.6.3 and below suffer from cross site scripting, SQL injection, and directory traversal vulnerabilities.
1832f2bf4c9549691dc54114426b945ebc52efd40a6911f23a26b27c4143a951
Ubuntu Security Notice USN-716-1 - Fernando Quintero discovered that MoinMoin did not properly sanitize its input when processing login requests, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Fernando Quintero discovered that MoinMoin did not properly sanitize its input when attaching files, resulting in cross-site scripting vulnerabilities. It was discovered that MoinMoin did not properly sanitize its input when processing user forms, editing pages, relaying error messages, or when attaching files.
3cf813802484b2e1dd4008c636dbd66d0098aaba73a35e91aab0e08180c8c49c
Remote SEH overwrite exploit for the Amaya Web Editor version 11.
2c0b2d54999c4dfb93c0f9554c5cdb8eca499a61d6e95636691122746b9f35b5
Ubuntu Security Notice USN-715-1 - Hugo Dias discovered that the ATM subsystem did not correctly manage socket counts. It was discovered that the inotify subsystem contained watch removal race conditions. Dann Frazier discovered that in certain situations sendmsg did not correctly release allocated memory. Helge Deller discovered that PA-RISC stack unwinding was not handled correctly. It was discovered that the ATA subsystem did not correctly set timeouts. It was discovered that the ib700 watchdog timer did not correctly check buffer sizes.
38c520869098e9813d93864d6c37bc8de4fe7d2bc92f3b2be53a69a2c73f4c00
PHPass hash brute forcer. This cracker works against any hash created by this framework to encrypt and store hashed passwords. Projects that use it include WordPress, Drupal, bbPress, phpBB3, and many others.
961a2e5522b52e08738a3bc9be03961d5712e7df699ec03509de6d004107c36f
Debian Security Advisory DSA 1704-2 - The update in DSA 1704-1 was incomplete as it failed to escape a few important characters, which enabled an attacker to overwrite arbitrary files.
a53dde812a55df0e6191af651858f7f511c485436ae9c37e4f3c81409cb7e605
PerlSoft Gastebuch version 1.7b bruteforcer and remote code execution exploit.
b5868e023a69e0ce31dbec8579a2cfec5d5c25a32f25f07c9f3aafb5365e85ef
Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.
55980cb2ec1a2cfdd01689595f3efd138b5d2f80dc934022f5f5a11b2fb20f71
Cross site request forgery exploit for the Zoom VoIP Phone Adapter ATA1+1.
b7a879af0e63dfc674bbe105d6e012812a973586e3a3408e57c389415d5f7ed3
The D-Link VoIP Phone Adapter suffers from cross site request forgery and cross site scripting vulnerabilities.
c4e3b913ff8a3c1893e65e9fa06fdd4a1a81f7006e219e1c4da73116200e008e